/* returns 0 on success, > 0 on failure */
static int
init_challenge(char *domain, char *domain_controller)
{
int smberr;
if (handle != NULL) {
return 0;
}
debug("Connecting to server %s domain %s\n", domain_controller, domain);
handle = SMB_Connect_Server(NULL, domain_controller, domain);
smberr = SMB_Get_Last_Error();
SMB_Get_Error_Msg(smberr, errstr, 1000);
if (handle == NULL) { /* couldn't connect */
debug("Couldn't connect to SMB Server. Error:%s\n", errstr);
return 1;
}
if (SMB_Negotiate(handle, SMB_Prots) < 0) { /* An error */
debug("Error negotiating protocol with SMB Server\n");
SMB_Discon(handle, 0);
handle = NULL;
return 2;
}
if (handle->Security == 0) { /* share-level security, unuseable */
debug("SMB Server uses share-level security .. we need user security.\n");
SMB_Discon(handle, 0);
handle = NULL;
return 3;
}
memcpy(challenge, handle->Encrypt_Key, NONCE_LEN);
SMBencrypt((unsigned char *)"",challenge,lmencoded_empty_pass);
SMBNTencrypt((unsigned char *)"",challenge,ntencoded_empty_pass);
return 0;
}
int
Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN)
{
int pass_is_precrypted_p = 0;
char *SMB_Prots[] =
{
/* "PC NETWORK PROGRAM 1.0", */
/* "MICROSOFT NETWORKS 1.03", */
/* "MICROSOFT NETWORKS 3.0", */
"LANMAN1.0",
"LM1.2X002",
"Samba",
/* "NT LM 0.12", */
/* "NT LANMAN 1.0", */
NULL};
SMB_Handle_Type con;
SMB_Init();
con = SMB_Connect_Server(NULL, SERVER, DOMAIN);
if (con == NULL) { /* Error ... */
con = SMB_Connect_Server(NULL, BACKUP, DOMAIN);
if (con == NULL) {
return (NTV_SERVER_ERROR);
}
}
if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */
SMB_Discon(con, 0);
return (NTV_PROTOCOL_ERROR);
}
/* Test for a server in share level mode do not authenticate against it */
if (con->Security == 0) {
SMB_Discon(con, 0);
return (NTV_PROTOCOL_ERROR);
}
if (SMB_Logon_Server(con, USERNAME, PASSWORD, DOMAIN, pass_is_precrypted_p) < 0) {
SMB_Discon(con, 0);
return (NTV_LOGON_ERROR);
}
SMB_Discon(con, 0);
return (NTV_NO_ERROR);
}
void *
NTLM_Connect(char *SERVER, char *BACKUP, char *DOMAIN, char *nonce)
{
char *SMB_Prots[] =
{
/* "PC NETWORK PROGRAM 1.0", */
/* "MICROSOFT NETWORKS 1.03", */
/* "MICROSOFT NETWORKS 3.0", */
"LANMAN1.0",
"LM1.2X002",
"Samba",
/* "NT LM 0.12", */
/* "NT LANMAN 1.0", */
NULL};
SMB_Handle_Type con;
SMB_Init();
con = SMB_Connect_Server(NULL, SERVER, DOMAIN);
if (con == NULL) { /* Error ... */
con = SMB_Connect_Server(NULL, BACKUP, DOMAIN);
if (con == NULL) {
return (NULL);
}
}
if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */
SMB_Discon(con, 0);
return (NULL);
}
/* Test for a server in share level mode do not authenticate against it */
if (con->Security == 0) {
SMB_Discon(con, 0);
return (NULL);
}
memcpy(nonce, con->Encrypt_Key, 8);
return (con);
}
SMB_Handle_Type SMB_Connect(SMB_Handle_Type Con_Handle,
SMB_Tree_Handle *tree,
char *service,
char *username,
char *password)
{ SMB_Handle_Type con;
char *host, *address;
char temp[80], called[80], calling[80];
int i;
/* Get a connection structure if one does not exist */
con = Con_Handle;
if (Con_Handle == NULL) {
if ((con = (struct SMB_Connect_Def *)malloc(sizeof(struct SMB_Connect_Def))) == NULL) {
SMBlib_errno = SMBlibE_NoSpace;
return NULL;
}
}
/* Init some things ... */
strcpy(con -> service, service);
strcpy(con -> username, username);
strcpy(con -> password, password);
strcpy(con -> sock_options, "");
strcpy(con -> address, "");
strcpy(con -> PDomain, SMBLIB_DEFAULT_DOMAIN);
strcpy(con -> OSName, SMBLIB_DEFAULT_OSNAME);
strcpy(con -> LMType, SMBLIB_DEFAULT_LMTYPE);
con -> first_tree = con -> last_tree = NULL;
SMB_Get_My_Name(con -> myname, sizeof(con -> myname));
con -> port = 0; /* No port selected */
/* Get some things we need for the SMB Header */
con -> pid = getpid();
con -> mid = con -> pid; /* This will do for now ... */
con -> uid = 0; /* Until we have done a logon, no uid */
con -> gid = getgid();
/* Now figure out the host portion of the service */
strcpy(temp, service);
host = strtok(temp, "/\\"); /* Separate host name portion */
strcpy(con -> desthost, host);
/* Now connect to the remote end, but first upper case the name of the
service we are going to call, sine some servers want it in uppercase */
for (i=0; i < strlen(host); i++)
called[i] = toupper(host[i]);
called[strlen(host)] = 0; /* Make it a string */
for (i=0; i < strlen(con -> myname); i++)
calling[i] = toupper(con -> myname[i]);
calling[strlen(con -> myname)] = 0; /* Make it a string */
if (strcmp(con -> address, "") == 0)
address = con -> desthost;
else
address = con -> address;
con -> Trans_Connect = RFCNB_Call(called,
calling,
address, /* Protocol specific */
con -> port);
/* Did we get one? */
if (con -> Trans_Connect == NULL) {
if (Con_Handle == NULL) {
free(con);
Con_Handle = NULL;
}
SMBlib_errno = -SMBlibE_CallFailed;
return NULL;
}
/* Now, negotiate the protocol */
if (SMB_Negotiate(con, SMB_Prots_Restrict) < 0) {
/* Hmmm what should we do here ... We have a connection, but could not
negotiate ... */
return NULL;
}
/* Now connect to the service ... */
if ((*tree = SMB_TreeConnect(con, NULL, service, password, "A:")) == NULL) {
return NULL;
}
return(con);
}
main(int argc, char *argv[])
{
void *con, *tree;
extern char *optarg;
extern int optind;
int opt, error, SMB_Error, err_class, err_code, pwlen, tries = 0;
char server[80], service[80], service_name[160], password[80], username[80];
char old_password[80], err_string[1024];
server[0] = 0;
strncpy(service, "IPC$", sizeof(service) - 1);
service_name[0] = 0;
username[0] = 0;
password[0] = 0;
old_password[0] = 0;
while ((opt = getopt(argc, argv, "s:u:l:v")) != EOF) {
switch (opt) {
case 's':
strcpy(service, optarg);
break;
case 'u': /* Pick up the user name */
strncpy(username, optarg, sizeof(username) - 1);
break;
case 'l': /* pick up password len */
pwlen = atoi(optarg);
break;
case 'v': /* Verbose? */
verbose = TRUE;
break;
default:
usage();
exit(1);
break;
}
}
if (optind < argc) { /* Some more parameters, assume is the server */
strncpy(server, argv[optind], sizeof(server) - 1);
optind++;
} else {
strcpy(server, "nemesis");
}
if (verbose == TRUE) { /* Print out all we know */
fprintf(stderr, "Finding password for User: %s, on server: %s\n",
username, server);
fprintf(stderr, "with a pwlen = %i\n", pwlen);
}
SMB_Init(); /* Initialize things ... */
/* We connect to the server and negotiate */
con = SMB_Connect_Server(NULL, server);
if (con == NULL) { /* Error processing */
fprintf(stderr, "Unable to connect to server %s ...\n", server);
if (SMB_Get_Last_Error() == SMBlibE_Remote) {
SMB_Error = SMB_Get_Last_SMB_Err();
SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error),
SMBlib_Error_Code(SMB_Error),
err_string,
sizeof(err_string) - 1);
} else {
SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
}
printf(" %s\n", err_string);
exit(1);
}
/* We need to negotiate a protocol better than PC NetWork Program */
if (SMB_Negotiate(con, SMB_Prots) < 0) {
fprintf(stderr, "Unable to negotiate a protocol with server %s ...\n",
server);
if (SMB_Get_Last_Error() == SMBlibE_Remote) {
SMB_Error = SMB_Get_Last_SMB_Err();
SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error),
SMBlib_Error_Code(SMB_Error),
err_string,
sizeof(err_string) - 1);
} else {
SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
}
printf(" %s\n", err_string);
exit(1);
}
sprintf(service_name, "\\\\%s\\%s", server, service); /* Could blow up */
/* Now loop through all password possibilities ... */
memset(password, 0, sizeof(password));
while (next_password(password, pwlen) == TRUE) {
if ((tree = SMB_Logon_And_TCon(con,
NULL,
username,
password,
service_name, "?????")) == NULL) {
if (verbose == TRUE) { /* Lets hear about the error */
fprintf(stderr, "Unable to logon and tree connect to server %s ...\n",
server);
fprintf(stderr, "With username: %s, and password: %s\n",
username, print_password(password));
if (SMB_Get_Last_Error() == SMBlibE_Remote) {
SMB_Error = SMB_Get_Last_SMB_Err();
SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error),
SMBlib_Error_Code(SMB_Error),
err_string,
sizeof(err_string) - 1);
} else {
SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
}
printf(" %s\n", err_string);
}
} else { /* Password match */
fprintf(stderr, "Logged in with password:%s\n",
print_password(password));
/* Exit now ... */
exit(0);
}
}
fprintf(stderr, "Passwords exhausted.");
}